The present invention relates generally to personal identification or verification systems and, more particularly, to systems that automatically verify a person's identity before granting access to valuable information or granting the ability to perform various transactions remotely. Traditionally, keys and locks, or combination locks, have been used to limit access to property, on the theory that only persons with a right to access the property will have the required key or combination. This traditional approach is, of course, still widely used to limit access to a variety of enclosed spaces, including rooms, buildings, automobiles and safe deposit boxes in banks. In recent years, mechanical locks have been supplanted by electronic ones actuated by encoded plastic cards, as used, for example, for access to hotel room doors, or to bank automatic teller machines (ATMs). In the latter case, the user of the plastic card as a "key" to a bank account must also supply a personal identification number (PIN) before access is granted.
A significantly different problem is presented when someone seeks access to information remotely, such as by telephone or through some other type of communication network. Telephone verification of identity is typically accomplished using passwords, personal identification numbers (PINs), or words of which only a limited number of people have knowledge. Banks frequently use the customer's mother's maiden name as an access code, sometimes coupled with other codes or numbers theoretically known only to the customer. There are many practical shortcomings to this approach, the most obvious of which is that any of these codes or secret words can be stolen, lost or fall into the wrong hands by other means. Security may be increased by encoding identity data into magnetic stripes on plastic identification cards, which are used in conjunction with telephones that have appropriate card readers. The use of "smart cards" containing even more information on an integrated-circuit chip has also been proposed, but these approaches also have the drawback that the identity cards may be lost or stolen.
Accordingly, there is a widely felt need for a more reliable technique for providing secure access to information and assets, particularly for users who seek this access over a communication system of some kind. Ideally, the technique should positively verify the identity of the person seeking remote access, and should eliminate the need to carry multiple scannable cards, and the need to memorize combinations, passwords and PINs. The present invention satisfies this need.